
Security Command Center now supports CIS 1.1 benchmarks and granular access control


Security Command Center (SCC) is our native Google Cloud product that helps manage and improve your cloud security and risk posture. As a native offering, SCC is constantly evolving and adding new capabilities that deliver more insight to security practitioners. We’ve just released new capabilities in Security Command Center Premium that enable organizations to improve their security posture and efficiently manage risk for their Google Cloud environment. SCC now supports CIS benchmarks for Google Cloud Platform Foundation v1.1, enabling you to monitor and address compliance violations against industry best practices in your Google Cloud environment. Additionally, SCC now supports fine-grained access control for administrators that allows you to easily adhere to the principles of least privilege - restricting access based on roles and responsibilities to reduce risk and enabling broader team engagement to address security.

Security Command Center with its native security and risk management capabilities is used by enterprises across the world to protect their environment by gaining visibility into cloud assets, discovering misconfigurations and vulnerabilities in resources, detecting threats targeting Google Cloud assets, and maintaining compliance based on industry standards and benchmarks. These new capabilities further enhance enterprise security teams' ability to demonstrate accountability and transparency of their Cloud compliance stance and gain operational efficiency with scoped access.

Improve your security posture with CIS Google Cloud Foundation 1.1 benchmark

Organizations can now monitor and see how their Google Cloud environment stacks up against CIS Google Cloud Computing Foundations Benchmark v1.1. The CIS benchmark provides guidance for securing the GCP environment that can help organizations protect against common cyber threats and improve their overall security posture. CIS 1.1 expands coverage to additional Google Cloud services and refines instructions and guidance.

With this release in SCC, you can continuously monitor resources and policy violations against common security controls described in the CIS Google Cloud Foundation 1.1 and certified by the Center for Internet Security for alignment with CIS Google Cloud Computing Foundations Benchmark v1.1.0. 

Security Health Analytics is a built-in service in Security Command Center that provides misconfiguration findings across your GCP environment along with recommendations to remediate those findings. These findings are mapped to the supported compliance standards and industry best practices, giving you the ability to prioritize actions based on the compliance regime applicable to your organization. 

SCC provides a one-click compliance dashboard, making it seamless to get a complete view of where your environment is passing and failing against the CIS 1.1 benchmarks. It gives you quick posture metrics against the different levels in the CIS 1.1 benchmarks: Level 1 is considered a base recommendation to lower the attack surface, and Level 2 is considered a best practice for security-conscious organizations.

The CIS 1.1 report indicates the number of controls that are passed, how many need to be addressed, and remediation steps for addressing the failed controls against the standard. It also provides an export capability that lets you easily demonstrate your compliance stance to internal and external audit teams.

In addition to CIS, SCC also supports Payment Card Industry Data Security Standard (PCI DSS v3.2.1), International Organization for Standardization (ISO 27001), and National Institute of Standards and Technology (NIST 800-53). 

Manage assets and findings within an assigned scope

With the new fine-grained access control capability, you can grant access to assets and findings at the folder and project level. This enables you to isolate projects and folders and restrict access to only those employees who need it to do their jobs. If you need to delegate SCC findings to specific teams without giving those teams a view of the entire organization, or need to restrict specific folders for compliance regimes, you can now achieve this using the access control capability.

Many organizations are looking to ensure security is addressed earlier in the development and application rollout lifecycle. Organizations can use this capability to engage development teams and lines of business to take ownership of addressing the security findings for the assets their teams own.

Enabling fine-grained access control at the folder and project level allows individual teams to review findings and quickly act on the ones they are responsible for addressing. These fine-grained access controls enable your security teams to scale, help reduce security risk, and achieve compliance goals by limiting access as needed within your organization.

If you are already using SCC Premium, you can get started with these new capabilities today using our product documentation. If you don’t yet have an SCC Premium subscription, contact your Google Cloud Platform sales team.

Anoop Kapoor
Product Manager,
Google Cloud

Anil Nandigam
Product Marketing Lead,
Google Cloud Security

